Re: [TLS] checking on an scsv point
David Benjamin <davidben@chromium.org> Tue, 17 February 2015 23:46 UTC
Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A9771A895E for <tls@ietfa.amsl.com>; Tue, 17 Feb 2015 15:46:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.388
X-Spam-Level:
X-Spam-Status: No, score=-1.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jt14j7x4THkd for <tls@ietfa.amsl.com>; Tue, 17 Feb 2015 15:46:08 -0800 (PST)
Received: from mail-ob0-x231.google.com (mail-ob0-x231.google.com [IPv6:2607:f8b0:4003:c01::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25D291A6F3F for <tls@ietf.org>; Tue, 17 Feb 2015 15:46:08 -0800 (PST)
Received: by mail-ob0-f177.google.com with SMTP id wp18so57047308obc.8 for <tls@ietf.org>; Tue, 17 Feb 2015 15:46:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:from:date:message-id:subject:to:cc :content-type; bh=Wq7IwEeLTN2FDU1mDT+NJJb6h27iK0o6VvdSCA0DxvU=; b=icJD3jt3dKOkHVx6brukow86/xlMOWkAuXXPij7SnrUXboSZUR+JPw5WbcRkOZz/iP Z0WjU4TWpNOItULuRUTD/BcRFVYQY9ZS/VAi6rWkOOlu1OD0ogKxj8Q4c7gjRfFe4tJS 1XtOHDnX9O2lym61/JIHRRuNbaWepdpcIDVQQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:from:date:message-id :subject:to:cc:content-type; bh=Wq7IwEeLTN2FDU1mDT+NJJb6h27iK0o6VvdSCA0DxvU=; b=MoZm/33Q21GDQ5xHxVvOY7GKxLzq+vt9M3nprieCXlriva5QY7lZbd5wJh3NP1DEhM bVJViG4XM8VXtsx5aGdOMSauAB1J1wI2sSF1LMb3cEqSyvzJxHtX9RD4QFelDAA+ePk1 DuZIL1EYN+E5Glkxz8QxsT8WV2wcWoF0P7gAhecgUhh33pVPeduE38XON8QWDZfbgXWe NmoHX0HXpbzL83me9T7zfJPY8NozbbDP5HmQzopbZHep9S+CrA7SF0OTrZOOy73SOn1u e9G0EzEPo6WIQ4ddoXFikVpXBovyLcSDcXvWWE/Wv7ZO2JaMBGyLNexR56/m3i9u3sBA Xd9w==
X-Gm-Message-State: ALoCoQnv2g2L0gPJ/a7te0YjuFhx2BMJXiE/Qva2hq7C/qTyy+3ARiG07y39ZXi2LHLOymv3ISMs
X-Received: by 10.202.196.137 with SMTP id u131mr18932128oif.78.1424216767429; Tue, 17 Feb 2015 15:46:07 -0800 (PST)
MIME-Version: 1.0
References: <CABkgnnW+HpGuKq5BZo+OAeF_p00sWqccPk5bcsWJ-obKNU-7eg@mail.gmail.com> <20150217231046.517061B1B1@ld9781.wdf.sap.corp>
From: David Benjamin <davidben@chromium.org>
Date: Tue, 17 Feb 2015 23:46:06 +0000
Message-ID: <CAF8qwaBdcO58vMt4qKs9mK6VEg8LGVPek9WjVq_sp7GG3qwQaA@mail.gmail.com>
To: mrex@sap.com, Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary="001a1134f7da819800050f514e62"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/5aiqymxmZlDewvO1pqLIzDN78LM>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] checking on an scsv point
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Feb 2015 23:46:58 -0000
On Tue Feb 17 2015 at 6:10:55 PM Martin Rex <mrex@sap.com> wrote: > This NSS behaviour is not necessarily a problem. The more "interesting" > question is what the app callers above NSS, that have asked NSS to > include FALLBACK_SCSV, will do in response to that behaviour of NSS, > or more specifically, will they do the same that they would do in > response of a fatal invalid_downgrade alert. > > But that is a question for the apps on top rather than for NSS. > Chrome will not treat those the same in either NSS or BoringSSL ports. It'll look like either a generic protocol error or a bad ServerHello version (not sure which on NSS, but it doesn't matter), both of which continue the fallback chain. An inappropriate_fallback alert terminates the fallback chain and restores the original attempt's error code. (So the error code is reported as if there were no version fallback.) I don't really care for adding complexity to support this, either in BoringSSL's server bits or Chrome. I'm especially uninterested in accepting a client_version+1 ServerHello. It opens up questions with client_version-conditioned extensions (signature_algorithms) and isn't a secure version negotiation. FALLBACK_SCSV implies I support client_version+1 but doesn't imply that I do NOT support client_version+2. David
- [TLS] checking on an scsv point Stephen Farrell
- Re: [TLS] checking on an scsv point Martin Thomson
- Re: [TLS] checking on an scsv point Martin Rex
- Re: [TLS] checking on an scsv point Henrik Grubbström
- Re: [TLS] checking on an scsv point David Benjamin
- Re: [TLS] checking on an scsv point Martin Thomson
- Re: [TLS] checking on an scsv point Martin Rex
- Re: [TLS] checking on an scsv point Martin Rex
- Re: [TLS] checking on an scsv point Martin Thomson
- Re: [TLS] checking on an scsv point Martin Thomson
- Re: [TLS] checking on an scsv point Martin Rex
- Re: [TLS] checking on an scsv point Martin Thomson